The present invention relates to an apparatus for electronically storing and controlling personal information. More particularly, the present invention relates to a processing method and apparatus used by a second party rendering services of providing personal information on a first party, who registered the information to the second party, only to a specified third party permitted by the first party to refer to the information online. Even more particularly, the present invention relates to a processing method and apparatus used by a second party rendering services of providing various kinds of personal information such as a resident card, a certificate of a seal impression, birth certificates and the like, which have been registered to the second party by a first party to be used as a legal proof of the first party, only to a specified third party permitted by the first party to refer to the information online.
A local self-governing body such as a municipal office, that is, a second party, electronically keeps information on individuals and corporations such as information on composition of household members, birth and death records, stamp data of a registered seal, articles of incorporation, etc. Such a second party renders services such as granting a copy of such information when requested by a first party, that is, a person who registered the information to the local self-governing body. It should be noted that, in the present specification, such information is generically referred to hereafter as personal information, whereas a person who registers personal information of the person to a second party is referred to hereafter as a personal information registrant.
At the present time, a request for a certificate based on the personal information is automated by using a magnetic card having magnetic stripes. The use of the magnetic card is intended to increase the efficiency of the processing to grant the certificate. In this automated method, the personal information registrant, who serves as an operator of an automatic certificate granting apparatus for granting such a certificate, inserts a magnetic card bearing the identification information assigned to the registrant, then enters a password to obtain a copy of a desired certificate. Receiving a password, the automatic certificate granting apparatus makes an inquiry to a data base for storing personal information on a host computer about the validity of the password. After verifying that the password is valid, the automatic certificate granting apparatus prints the desired personal information as a certificate. In addition, in order to avoid falsification of the certificate, the term of validity as a certificate and a seal impression of the local self-governing body granting the certificate are automatically put on the printed copy. Normally, the personal information registrant submits the certificate obtained by following the procedure explained above to an executive agency such as a motor vehicle administration or the Public Safety Agency or to an enterprise, a third party, as an attachment to some notice or contract. The belief of the executive agency or the enterprise in the contents of the certificate is based on the seal impression of the local self-governing body granting the certificate which is put on the printed copy of the certificate. The method described above is disclosed in Japanese Patent Laid-open No. Hei 8-129587.
However, the above described method for granting a certificate adopted by use of an automatic certificate granting apparatus has the following two disadvantages:
(1) The method is inconvenient since it is necessary for a person who wants to obtain a granted certificate to visit the office of a local self-governing body.
(2) The method is further inconvenient since items described in an already granted certificate may change after the issuance of the certificate. Thus, the certificate must always be provided with a term of validity of about several months. Therefore, when the term of validity expires before the certificate obtained from the office is used, it is necessary for the applicant to get the certificate granted again with a renewed term of validity even if the items thereof remain the same.
The above described disadvantages can be said to be attributed to the fact that a granted certificate is printed on a piece of paper. The above disadvantages can possibly be overcome if personal information described in a certificate can be obtained online from a host computer which is used for keeping the personal information at the time the certificate is needed. Then, the personal information output by the host computer can be used in place of the certificate.
If the host computer goes online and easy online access to the computer can be made by a user, the other disadvantages described below will arise. Thus, there are some difficulties in achieving a method which allows a party to acquire personal information described in a certificate from the host computer online and use the information output by the computer in place of a certificate.
If the personal information registrant is allowed to make online access to the host computer, it is no longer possible to provide a valid certificate of the personal information acquired from the computer. Particularly, if the personal information registrant is allowed to acquire personal information online from the host computer, the registrant will be capable of falsifying the acquired information before printing it on equipment such as a printer. As a result, a third party cannot trust the validity of the printed personal information as a certificate.
To overcome the above described disadvantages, the right of online access to the host computer may, instead, be granted to the third party such as an executive agency or an enterprise to which a certificate is to be submitted. This is done in order to eliminate the possibility of the personal information registrant falsifying data of the certificate. If the personal information referencer acquires the personal information described in the certificate directly from the host computer, there will no longer be a reason for the information referencer to worry about the chance of such falsification. In this case, however, there is a disadvantage that the privacy of the personal information registrant cannot be adequately protected, since the personal information referencer is capable of freely referring to any personal information stored in the host computer without the consent of the registrant of the personal information.
Accordingly, simply making the host computer which stores personal information available for access online does not satisfy the need for efficient and trustable processing of personal information due to the disadvantages described above. Namely, online access to the personal information stored by a host computer does not allow for the same trustability as contemporary certificates with respect to personal information obtained from the host computer. Further, the privacy of the personal information registrant cannot be fully protected. As a result, the objective of acquiring personal information from the host computer online and using the personal information in place of a certificate cannot be fully achieved.
Another method has been proposed to overcome the disadvantage of the conventional personal information controlling method and apparatus. This method involves a technique of simply applying a digital signature technology which can be used as a measure for avoiding falsification of personal information. Digital signature technology, for example, is disclosed in "PGP: Pretty Good Privacy," by Simson Garfinkel and published by O'Reilly and Associates Inc., on pages 218 to 227. However, this technique is inconvenient for both the personal information registrant and the personal information referencer due to the fact that a recording medium which has stored thereon acquired personal information cannot be conveniently attached to a printed contract.
Assume that the office of a local self-governing body such as the municipal office grants a recording medium, which has recorded thereon personal information with a digital signature appended thereto, to a personal information registrant in place of a printed certificate. In this case, the personal information registrant submits the recording medium to a personal information referencer in place of a printed certificate. According to current custom, however, the personal information registrant generally submits a certificate to the personal information referencer as an attachment to a printed contract. Submitting a printed contract with the attached certificate as a set is very convenient for the personal information registrant. Submitting a recording medium with a printed contract as suggested by the proposed technique is very inconvenient for the personal information registrant when compared to the present way of submitting documents since it is difficult to attach the recording medium to the printed contract.
One may attempt to eliminate the recording medium from a set of submitted documents by printing the personal information normally recorded on a recording medium with a digital signature appended thereto, in a form similar to a printed copy of an electronic mail message with a digital signature appended thereto as shown on page 224 of the above Garfinkel reference. In order to verify the validity of printed personal information, however, it is necessary for the personal information referencer to convert the printed personal information back into electronic data. In addition, it is also necessary for the personal information referencer to have an apparatus with a function for authenticating a digital signature on the electronic data resulting from the conversion. Thus, the personal information referencer is required to expend a large amount of labor to check the validity of printed personal information.
If the contracts themselves can be made electronically, then all of the work to submit a contract can also be done online along with the exchange of a certificate including a digital signature appended thereto for verifying the certificate. However, at present, printed contracts are more comfortable to individuals and organizations. Thus, printed contracts rather than electronic contracts will continue to be extensively used.
It is an object of the present invention to provide a personal information controlling method and apparatus for controlling pieces of personal information such as data of resident cards, birth and death records, articles of incorporation, certificates of seal impressions and the like and for issuing a specific piece of personal information data at a request made by the owner of the personal information wherein:
(1) only a specific personal information referencer specified by a registrant of personal information is allowed to acquire the specific piece of personal information online; and
(2) it is no longer necessary for the personal information registrant to exchange electronic data with the specific personal information referencer specified by the personal information registrant.
The present invention provides a personal information controlling method in personal information controlling apparatus for controlling pieces of personal information such as information on a composition of household members, birth and death records, articles of incorporation, stamp data of a registered seal impression and the like and for issuing a specific piece of personal information data at a request made by the owner of the personal information. The personal information controlling method includes an inquiry code issuing step of generating and outputting an inquiry code in accordance with an instruction given by the personal information registrant, wherein the inquiry code will be used by the personal information referencer making an attempt to acquire the specific piece of personal information as an identification of the specific piece of personal information, and a personal information acquiring step of requesting the personal information referencer to enter the inquiry code and outputting the specific piece of personal information identified by the inquiry code only if the inquiry code actually entered by the personal information referencer matches the true inquiry code generated and output at the inquiry code issuing step.
The inquiry code issuing step includes a registrant authenticating step of verifying validity of the personal information registrant instructing issuance of the inquiry code, and an inquiry code generating step of generating the inquiry code. The personal information acquiring step includes an inquiry code authenticating step of verifying validity of an inquiry code actually entered by the personal information referencer, and a personal information outputting step of outputting the specific piece of personal information identified by the inquiry code entered by the personal information referencer.
According to the present invention, since an inquiry code is generated at the inquiry code issuing step only if the personal information registrant itself operates the personal information controlling apparatus, an operator other than the personal information registrant itself is not capable of causing the personal information controlling apparatus to execute the processing necessary to carry out the issue of an inquiry code. An inquiry code can be issued only at a request made by the personal information registrant.
At the personal information acquiring step, on the other hand, a personal information referencer making an attempt to acquire personal information on a specific personal information registrant is required to enter an inquiry code which can be issued only at the inquiry code issuing step by the specific personal information registrant. The personal information referencer is capable of acquiring personal information only if the personal information registrant requests the personal information controlling apparatus to execute the inquiry code issuing step and informs the personal information referencer of an inquiry code issued at the step for the personal information owned by the personal information registrant. As a result, it is possible to achieve the first object of the present invention to allow only a specific personal information referencer appointed by a personal information registrant to acquire personal information owned by the personal information registrant in an online way.
In addition, data having such a length that the data can be manually marked on a document with a high degree of freedom may be used as an inquiry code. Examples of such data are the reference number of processing or a password generated from a random number. In order to notify a personal information referencer of an inquiry code, it is thus not necessary for a personal information registrant to pass electronic data to the personal information referencer. As a result, it is possible to achieve the second object of the present invention to eliminate the necessity to exchange electronic data between the personal information registrant and the specific personal information referencer.
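The inquiry code issuing step and the personal information acquiring step described above can be sketched as follows. This is an added example, not code from the specification; the class and method names, the in-memory store, the 10-character code alphabet, the PBKDF2 password check and the sample records are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Assumed alphabet: no 0/O/1/I, since the code is written on paper by hand.
ALPHABET = "ABCDEFGHJKLMNPQRSTUVWXYZ23456789"

class PersonalInfoController:
    """In-memory stand-in for the host computer (hypothetical design)."""

    def __init__(self):
        self._registrants = {}  # registrant id -> (salt, password hash, records)
        self._codes = {}        # SHA-256(inquiry code) -> (registrant id, record name)

    @staticmethod
    def _kdf(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def register(self, reg_id, password, records):
        salt = secrets.token_bytes(16)
        self._registrants[reg_id] = (salt, self._kdf(password, salt), dict(records))

    def issue_inquiry_code(self, reg_id, password, record_name):
        # Registrant authenticating step: only the registrant can obtain a code.
        entry = self._registrants.get(reg_id)
        if entry is None or not hmac.compare_digest(self._kdf(password, entry[0]), entry[1]):
            raise PermissionError("registrant authentication failed")
        if record_name not in entry[2]:
            raise KeyError(record_name)
        # Inquiry code generating step: random, short enough to write on a contract.
        code = "".join(secrets.choice(ALPHABET) for _ in range(10))
        # Store only a hash, and bind the code to exactly one record.
        self._codes[hashlib.sha256(code.encode()).digest()] = (reg_id, record_name)
        return code

    def acquire(self, entered_code):
        # Inquiry code authenticating step: tolerate spacing/case from manual entry.
        normalized = entered_code.strip().upper().replace("-", "")
        target = self._codes.get(hashlib.sha256(normalized.encode()).digest())
        if target is None:
            raise PermissionError("unknown inquiry code")
        # Personal information outputting step: only the record the code identifies.
        reg_id, record_name = target
        return self._registrants[reg_id][2][record_name]

if __name__ == "__main__":
    host = PersonalInfoController()
    # Constructed sample data.
    host.register("R-0001", "sample-password", {"resident_card": "Resident card of R-0001",
                                                "seal_certificate": "Seal impression of R-0001"})
    code = host.issue_inquiry_code("R-0001", "sample-password", "resident_card")
    print(code, "->", host.acquire(code))
```

Because each code maps to a single record, a referencer holding it cannot read the registrant's other records, and the host computer never hands data to the registrant in a form that could be altered before the referencer sees it.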